Page MenuHomeFreeBSD
Differential D45420

mitigations.7: mention supervisor mode memory access protections
ClosedPublic
Actions

Authored by emaste on May 31 2024, 2:15 PM.
Tags
None
Referenced Files
Unknown Object (File)
Sun, Jun 8, 9:30 AM
Unknown Object (File)
Fri, Jun 6, 9:58 PM
Unknown Object (File)
Fri, Jun 6, 2:53 PM
Unknown Object (File)
Wed, May 28, 12:55 PM
Unknown Object (File)
Fri, May 23, 4:08 PM
Unknown Object (File)
Wed, May 14, 7:57 PM
Unknown Object (File)
Tue, May 13, 7:17 AM
Unknown Object (File)
Apr 23 2025, 9:31 PM
View All Files
Subscribers
andrew

Details

Reviewers
olce
imp
kib
Commits
rGf8c73ba5981c: mitigations.7: mention supervisor mode memory access protections
rG72ece341b427: mitigations.7: mention supervisor mode memory access protections

Diff Detail

Lint
Lint Skipped
Unit
Tests Skipped

Event Timeline

emaste requested review of this revision.May 31 2024, 2:15 PM
emaste created this revision.
imp accepted this revision.May 31 2024, 2:20 PM
This revision is now accepted and ready to land.May 31 2024, 2:20 PM
olce accepted this revision.May 31 2024, 2:26 PM
olce added inline comments.
share/man/man7/mitigations.7
249
emaste added inline comments.May 31 2024, 2:29 PM
share/man/man7/mitigations.7
239

small addition staged in my tree

emaste updated this revision to Diff 139260.May 31 2024, 2:50 PM
emaste added a reviewer: kib.

Describe the two different features in more detail

This revision now requires review to proceed.May 31 2024, 2:50 PM
kib added a comment.May 31 2024, 2:59 PM

It is also worth mentioning that SMAP/PAN provide very effective NULL pointer dereference protection in kernel, and make mapping a page at address zero safe.

share/man/man7/mitigations.7
239

'not owned by the kernel' is a weird formulation, I even have to stop digesting it. The right way to express it is probably 'pages accessible to userspace/non-privileged code'.

andrew added a subscriber: andrew.May 31 2024, 3:03 PM
andrew added inline comments.
share/man/man7/mitigations.7
248

I think PAN only prevents read/write as it's just for data accesses.

emaste updated this revision to Diff 139262.May 31 2024, 3:04 PM

feedback from @kib

emaste updated this revision to Diff 139263.May 31 2024, 3:05 PM

Feedback from @andrew

kib accepted this revision.May 31 2024, 3:20 PM
This revision is now accepted and ready to land.May 31 2024, 3:20 PM
Closed by commit rG72ece341b427: mitigations.7: mention supervisor mode memory access protections (authored by emaste). · Explain WhyMay 31 2024, 7:36 PM
This revision was automatically updated to reflect the committed changes.
emaste added a commit: rG72ece341b427: mitigations.7: mention supervisor mode memory access protections.
emaste added a commit: rGf8c73ba5981c: mitigations.7: mention supervisor mode memory access protections.Aug 1 2024, 2:48 PM

Revision Contents
Changeset List

PathSize
share/
man/
man7/
21 lines

Diff 139260

View Options

share/man/man7/mitigations.7

Loading...